[OE-core] [PATCH] libpam: reproducibility: Fix host umask leakage at patch-time

Douglas Royds douglas.royds at taitradio.com
Thu Dec 20 05:40:44 UTC 2018


The patch file pam-security-abstract-securetty-handling.patch creates a new
file (tty_secure.c) at patch-time, so its permissions are subject to the host
umask. This file is later copied into the -dbg package with no change in
permissions.

Signed-off-by: Douglas Royds <douglas.royds at taitradio.com>
---
 meta/recipes-extended/pam/libpam_1.3.0.bb | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/meta/recipes-extended/pam/libpam_1.3.0.bb b/meta/recipes-extended/pam/libpam_1.3.0.bb
index 3aec2cdb4c..292b570e11 100644
--- a/meta/recipes-extended/pam/libpam_1.3.0.bb
+++ b/meta/recipes-extended/pam/libpam_1.3.0.bb
@@ -49,6 +49,9 @@ S = "${WORKDIR}/Linux-PAM-${PV}"
 
 inherit autotools gettext pkgconfig
 
+# We create a new file (tty_secure.c) from pam-security-abstract-securetty-handling.patch
+do_patch[umask] = "022"
+
 PACKAGECONFIG[audit] = "--enable-audit,--disable-audit,audit,"
 
 PACKAGES += "${PN}-runtime ${PN}-xtests"
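Review bot: The comment added above `do_patch[umask] = "022"` names the patch that creates tty_secure.c but not why the umask matters, so a later reader of the recipe cannot tell that the setting is there for reproducibility. Suggest extending the comment with the reason given in the commit message: the new file takes its permissions from the host umask and is later copied into the -dbg package with no change in permissions. Since that cause (a patch creating a new file) is not specific to libpam, it is also worth asking whether the umask belongs as a default for do_patch rather than in this one recipe.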
-- 
2.17.1


